On 05/02/11 09:53, Case Hugo wrote:
> Several times a week we get this attempt:
>
> Warning, userHIDDEN@s@elkgrove.net tried to login with weak password,
> possibly a hacker, use tellmail test_weak (74.134.89.250)
>
> 9 out of 10 times, they are attempting to hack either 'root' or
> 'windows'. Does anyone know why they would target these two
> (nonexistent) email accounts and how can I block them ahead of time?
> Right now I take their IP and add those to the "deny" list.
>
> TIA
>

It's quite common for the spammers to have a dictionary of common role
IDs for probing email servers. Surgemail does not by default have
these other than the postmaster for the primary domain. If you go back
in time to many of the older Linux and Unix distros, they were filled
with them. Along with role accounts that had shell access, then by
default many of these accounts then had ssh or telnet access.

Script kiddies will try these endlessly because they can and their
searches usually find a target or two to exploit.

Lyle
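
The manual step described in the thread (reading the weak-password warnings and collecting source IPs for the deny list) can be scripted. The following is an added example, not part of the original messages and not SurgeMail's own code: it assumes the warning line format quoted above, a hypothetical `ROLE_NAMES` dictionary ('root' and 'windows' come from the thread, the rest are illustrative), and constructed sample lines using documentation addresses.

```python
import re
from collections import defaultdict

# Line format taken from the warning quoted in the thread.
WARNING_RE = re.compile(
    r"Warning, (?P<user>\S+)@(?P<domain>[^@\s]+) tried to login with weak password"
    r".*\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)"
)

# Assumed role-name dictionary: 'root' and 'windows' are named in the thread,
# the other entries are illustrative.
ROLE_NAMES = {"root", "windows", "admin", "test", "guest", "info"}

def deny_candidates(lines, real_accounts, threshold=2):
    """Map each source IP to the nonexistent role names it probed.

    An IP is reported once it has made at least `threshold` login attempts
    against role names that are not real accounts on this server.
    """
    probes = defaultdict(list)
    for line in lines:
        m = WARNING_RE.search(line)
        if not m:
            continue  # not a weak-password warning
        user = m.group("user").lower()
        # A role name that really exists here is a normal login, not a probe.
        if user in ROLE_NAMES and user not in real_accounts:
            probes[m.group("ip")].append(user)
    return {ip: sorted(set(names))
            for ip, names in probes.items() if len(names) >= threshold}

# Constructed sample log lines (documentation IP ranges, example.net domain).
TAIL = " tried to login with weak password, possibly a hacker, use tellmail test_weak "
SAMPLE = [
    "Warning, root@example.net" + TAIL + "(203.0.113.7)",
    "Warning, windows@example.net" + TAIL + "(203.0.113.7)",
    "Warning, root@example.net" + TAIL + "(198.51.100.20)",
    "Warning, alice@example.net" + TAIL + "(192.0.2.5)",   # real user, weak password
    "Warning, info@example.net" + TAIL + "(192.0.2.9)",    # role name that exists here
    "Warning, info@example.net" + TAIL + "(192.0.2.9)",
]

if __name__ == "__main__":
    for ip, names in deny_candidates(SAMPLE, real_accounts={"alice", "info"}).items():
        print(ip, ",".join(names))
```

The output is only a list of candidate addresses; adding them to the server's deny list remains a separate, reviewed step.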